Data Protection Policy
a. “Conference” means the conference you have selected to attend in your abstract or registration form.
c. “Delegate” means the delegate who attends or wishes to attend the Conference.
d. “Data” means collectively all information that you submit to our Web Site. This includes, but is not limited to, account details and information submitted using any of our services or systems;
e. “Service” means collectively any online facilities, tools, services or information that ARICON makes available through its website either now or in the future;
f. “System” means any online communications infrastructure that ARICON makes available through its website either now or in the future. This includes, but is not limited to, web-based email, message boards, live chat facilities and email links;
g. “Website” means the website of ARICON i.e., www.arintconferences.com and any sub-domains of this site unless expressly excluded by their own terms and conditions.
2. ARICON Duties
2.1. ARICON needs to process personal data about its current, prospective and former delegates and their sponsoring institutions, its current, prospective and former staff, its suppliers/ contractors, its current and prospective supporters and other individuals connected to the company, as part of its everyday operations and is legally obliged to process such personal data in accordance with the Data Protection Act 1998, U.K (“the DPA”)
2.2. For the purposes of the DPA, the data controller is ARICON, which is committed to compliance with the DPA and takes seriously the responsibility of handling personal information.
2.3. This Policy has been developed to ensure that ARICON meets its obligations under the DPA.
3. Data Protection Principles
The Data Protection Principles require ARICON to ensure all personal data is:
• fairly and lawfully processed;
• processed for a lawful purpose;
• adequate, relevant and not excessive;
• accurate and up to date;
• not kept for longer than necessary;
• processed in accordance with the data subject’s rights;
• protected by appropriate security; and
• not transferred to other countries without adequate protection.
4. Personal data processed by ARICON
4.1. Personal data processed by ARICON can take different forms – it may be factual information, expressions of opinion, images or other recorded information which identifies or imparts something of significance about a living individual.
4.2. Personal data processed by ARICON may include (but is not limited to) basic personal details, contact details and: (for staff and contractors) additional information required for their employment or appointment including images and biometric data; (for delegates) passport and visa information, academic, disciplinary and other education related records, employment details, information about special educational needs, references, photographs, and financial information/bank details.
4.3. ARICON collects the personal data it processes directly from the data subject and from third parties (for example referees, sponsoring institutions, universities and the Criminal Records Bureau).
5. Purposes for which Personal Data may be processed
Personal data (including sensitive personal data, where appropriate) is processed by ARICON in accordance with the Data Protection Act for the following purposes:
The provision of education including the registration of prospective delegates and administration of the application/registration process; administration of the Conference programme and timetable; providing certificates of attendance/participation to delegates; publication of conference proceedings, abstracts handbook and e-journal. The provision of educational support and ancillary services including the administration of the Conference social programme activities; conference venue administration; and provision of wi-fi at conference venue.
The general administration of ARICON including the compilation of delegate records; the administration of invoices, fees and accounts; the management of the University/College/Hotel property where summer Conference is organised; the management of security and safety arrangements (including the use of CCTV); the administration and implementation of ARICON’s policies; and other reasonable purposes related to the ARICON’s operations, such as information given to University or College or Hotel venue providers.
The protection and promotion of ARICON’s legitimate interests and objectives including the publication of its website, the prospectus, fixtures and other promotional publications promote ARICON’s conferences to prospective delegates. The administration of its staff, agents and suppliers including the recruitment of staff/ engagement of contractors (including compliance with CRB procedures); administration of payroll, pensions and sick leave and the maintenance of appropriate human resources records for current and former staff; and providing references.
The fulfilment of the ARICON’s contractual and other legal obligations
6. Processing of Personal Data
6.1 ARICON will only process personal data for the purpose(s) for which it was originally acquired and will not process it for any other purpose without the data subject’s permission, unless it is permitted to do so under the DPA. ARICON may communicate with data subjects for the purposes set out above by post, email and SMS.
6.2 Personal data shall only be disclosed to those members of ARICON’s staff and suppliers who need to access the personal data to carry out the purpose(s) for which it was acquired. ARICON adopts appropriate security measures to ensure that personal data is kept secure and not processed without proper authority. ARICON observes legislative requirements and current best practice to ensure personal data is kept for no longer than necessary.
6.3 ARICON will not transfer personal data outside of the EEA unless it is satisfied that the data subject’s rights under the DPA will be adequately protected.
6.4 ARICON would seek permission from the delegate before featuring the delegate particularly prominently in documentary films or articles for which ARICON may give permission.
6.5 When processing personal data for the purposes set out above ARICON may communicate by post, email and SMS and may make use of cloud computing services.
7. Third parties with Whom ARICON may need to share information
From time to time ARICON may pass personal data (including sensitive personal data where appropriate) to third parties, including local authorities, other public bodies (e.g. British Consulate in different countries), health care professionals, social activities providers, university/college/hotels providing conference venue, who will process the data:
- to enable the relevant authorities to monitor ARICON’s performance;
- to compile statistical information (normally used on an anonymous basis);
- to ensure the delegates’ safe arrival
- to safeguard delegate’s welfare and provide, where relevant, medical care;
- where necessary in connection with conference and social activities undertaken by delegates; to monitor elegate’s special needs and requirements; to obtain appropriate professional advice and insurance for ARICON;
- where a reference or other information about a delegate is requested by an educational establishment or employer to whom they have applied or already working;
- where otherwise required by law;
- otherwise where reasonably necessary for the operation of the ARICON and employment of its staff;
In the event of sale or purchase of any business or assets by ARICON, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets. If ARICON or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets. All third party organisations are expected to comply with the Data Protection Act 1998 themselves and ARICON has no influence over the way they use their data.
8. Rights of Access to Personal Data
8.1Delegates have the right under the Data Protection Act to be given access to personal data held about them by ARICON. If a delegate wishes to access his/her personal data held by ARICON, a request should be submitted to ARICON in writing. ARICON may charge an administration fee of £10 for providing this information.
8.2 ARICON aims to respond to such subject access requests as quickly as possible and will ensure that any information is provided within 40 days unless an exemption from the right of access under the DPA applies. Some information is exempt from the right of access, such as details of a third party or disclosure of another individual. ARICON also has the right to withhold information that may cause distress or is damaging to read. Any references ARICON has received by a third party will not be disclosed unless the disclosure will not identify the source of the reference.
ARICON will endeavor to ensure that all personal data held in relation to students is accurate and up to date. Delegates must notify ARICON of any changes to information held about them. A delegate has the right to request that inaccurate information about them is to be corrected.
ARICON will take reasonable steps to ensure that personal data is kept secure and is only accessed by authorised members of its staff for the purposes for which it is held. All staff will be made aware of this Data Protection Policy and their duties under the DPA.
11. Delegate’s responsibility
All delegates have a responsibility to comply with the Data Protection Act. They should not disclose personal information about another person without the consent of that person. This includes posting photographs on the Internet. If a delegate is found to have breached confidentiality it will lead to serious implications.
12.1. If a delegate believes that ARICON has not complied with this Policy or has acted otherwise than in accordance with the DPA, he/she should notify ARICON which shall, where appropriate, refer the matter for resolution in accordance with ARICON’s grievance/ disciplinary procedure (for staff) or complaints procedure (for delegates).
12.2. This policy forms part of the terms and conditions of all employees’ contracts of employment. A breach of the policy may be regarded as misconduct, leading to disciplinary action up to and including summary dismissal.
13. Changes to Our Data Protection Policy
Any questions, comments and requests regarding our data protection policy are welcomed and should be addressed at firstname.lastname@example.org